US government sends warning letter to retailers about ongoing breach investigation

Reuters reports that the U.S. government today sent a confidential 16-page letter to retailers, which it says "describes the malicious software and techniques used to attack Target Corp. late last year."

The letter was written with help from iSIGHT Partners, a cyber intelligence firm with offices in 16 countries. In a blog post yesterday, iSIGHT confirmed that it is working with the U.S. Secret Service on the case, and offered this chilling bit of news:

The identification and dissection of the malicious code provides two immediately important insights:

  1. Recent retailer data breaches may not have been targeted attacks, but may well be part of a broader data theft scheme focused on many operators of point-of-sale systems.
  2. The scope, scale, and reach of recent data breaches is not yet known.

The piece of malicious software that has been identified is named KAPTOXA (pronounced kar-toe-sha), and iSIGHT says it has "potentially infected a large number of retail information systems." We asked iSIGHT's Tiffany Jones, the author of the blog, whether they could give any indication of how many different retailers might be affected, but she was not able to comment, citing an "ongoing investigation."

The first traces of KAPTOXA were noticed by iSIGHT in June 2013. The software "contains a new kind of attack method that is able to covertly subvert network controls and common forensic tactics, concealing all data transfers and executions that may have been run, rendering it harder to detect."

User Comments
  • Milos Dunjic
    I am sure that many tools NSA uses were written by Russians as well. Who originally wrote the software should not really matter. The 'Russian teenager' made his buck by selling the malware to the people who committed the data breach. That is where probably 'Russian connection' ends. James Bond conspiracy won't help payment industry in the US. Who planted it inside the POS terminals, and why Target and its Acquirer processor did not detect the breach in the first place are the main questions. Don't they check the POS software stack digital signature? What about PCI DSS? Is it useless in preventing these kinds of most likely insider type attacks? EMV + end to end unique per txn PAN tokenization (transparent to the merchant, acquirer) is the best deterrence mechanism against credit card collection and usage in online channel. Make the txn info useless to anybody except card issuer and that solves this.
  • Jon von Gunten
    Rolling transaction-authorization passwords solve a lot, but retailers prefer to (so far unsuccessfully) harden network hdw and sfw, rather than slow down store lines or inconvenience customers with that added step. But it's not that hard to implement, and needn't slow lines any more than fishing for a credit card. They're already slowed by debit card users entering personal codes.